
Wow! This is incredibly exciting.

Apple's Private Cloud Compute seems to be conceptually equivalent with System Transparency - an open-source software project my colleagues and I started six years ago.

I'm very much looking forward to more technical details. Should anyone at Apple see this, please feel free to reach out to me at stromberg@mullvad.net. I'd be more than happy to discuss our design, your design, and/or give you feedback.

Relevant links:

- https://mullvad.net/en/blog/system-transparency-future

- http://system-transparency.org (somewhat outdated)

- http://sigsum.org



https://en.m.wikipedia.org/wiki/Confidential_computing

This is what they are doing. Search implementations of this to understand more technical details.


It's not, AFAICT from the press release.

Confidential Compute involves technologies such as SGX and SEV, for which I think Asylo is an abstraction (not sure), where the operator (e.g. Azure) cannot _hardware intercept_ data. The description of what Apple is doing "just" uses their existing code signing and secure boot mechanisms to ensure that everything from the boot firmware (the computers that start before the actual computer starts) to the application, is what you intended it to be. Once it lands in the PCC node it is inspectable though.

Confidential Compute goes a step further to ensure that the operator cannot observe the data being operated on, thus also defeating shared workloads that exploit speculative barriers, and hardware bus intercept devices.

Confidential Compute also allows attestation of the software being run, something Apple is not providing here. EDIT: looks like they do have attestation, however it's different to how SEV etc attestation works. The client still has to trust that the private key isn't leaked, so this is dependent on other infrastructure working correctly. It also depends on the client getting a correct public key. There's no description of how the client attests that.

Interesting that they go through all this effort just for (let's be honest) AI marketing. All your data in the past (location, photos, contacts, safari history) is just as sensitive and deserving of such protection. But apparently PCC will apply only to AI inference workloads. Siri was already and continues to be a kind of cloud AI.


Apple's secure enclave docs also mention memory encryption. The PCC blogpost mentions that the server hardware is built on secure enclaves. And since they are claiming that even Apple can't access it, I am currently assuming that there will be memory encryption happening on the servers. At which point you have the main ingredients of CC: memory encryption & remote attestation.

EDIT: and they mention SGX and Nitro. Other CC technologies :)


> Apple's secure enclave docs also mention memory encryption.

Yes, but that's only within the enclave. Every Mac hardware since T2 has had that, and we don't consider them strong enough to meet the CC bar.

As an example of the difference, CC is designed so that a compromised hypervisor cannot inspect your guest workload. Whereas in Apple's design, they attempt to prove that the hypervisor isn't compromised. Now imagine there's a bug ...

(Not that SGX hasn't had exploitable hardware flaws, but there is a difference here.)


This was my take from the presentation as well, immediately thought of your feature. Will be interesting to hear your take on it once the details have been made available and fully understood.


Yeah it seems so, though most of these systems (e.g. Intel SGX, AMD SEV, NVIDIA's new tech) use the same basic building blocks (Apple itself isn't a member of the confidential computing consortium but ARM is), for me it's the quality of the overall implementation and system that sets this apart. I'm also quite bullish about trusted computing, seems it gains significant momentum. I would like some technologies to be more open and e.g. allow you to control the whole stack and install your own root certificates / keys on a hardware platform, but even so I think it can provide many benefits. With Apple pushing this further into the mainstream I expect to see more adoption.



